Isn't Spotify P2P? Maybe someone did some nutty stuff with that.
I don't think so, I believe how it works is that you stream the music (like streaming videos) from their database at a stuff bitrate. The premium version offers a higher but still mediocre bitrate; it will always be at a lower quality than actually buying a download of the music.
The most obvious vulnerabilities Spotify has are probably their ads, seeing how there's probably a lot of examples of ads doing malicious stuff in programs, and the service owners not giving a stuff as long as they get money. That and the ads give you cancer.